The framework needs a list of features and a list of operations they can support. The features provide the data context and are system dependent. The operations are the actions that can be performed on the data.
The roles are defined in terms of rules. The rules are essentially access rights that specify whether or not a certain operation is permitted on a feature.
For the purposes of this MIB, Domain Manager DM is the software functionality that executes in both the principal switch and in other switches. The Phase-2 group pertains to IPsec data tunnels. The History group aids applications that do trending analysis. The Failure group provides troubleshooting and debugging of the VPN router.
This MIB includes counters that detect potential security violations. Entities that have none of this data available are not listed in this MIB. The table in this MIB is sparse, so some of these variables may not exist for a particular entity at a particular time. For example, a powered-off module does not have a software ID and revision; a power supply would probably never have firmware or software information. Although the data may have other items encoded in it for example, a manufacturing date in the serial number , treat all data items as a single string unit.
Do not decompose them or parse them. Use only string equals and unequals operations on them. This MIB provides memory size, memory utilization, and boot image information for these processor modules. FRUs include assemblies such as power supplies, fans, processor modules, and interface modules. Sensors include power meters, temperature gauges, and chassis airflow measurements.
These OIDs uniquely identify the type of each physical entry. This MIB provides a configurable name, called a device alias , that can be used to reference a device on a Fibre Channel fabric. The device alias is a human-readable name for a world wide name WWN. In addition, it supports N ports and NL ports. A PortChannel port is a single logical port that contains multiple physical ports as its members. You can set the multicast root mode for any configured VSAN.
The fcRouteTable contains entries to a destination, sorted by VSAN, output interface, and protocol through which the route was learned. Use fcRoutePreference to select a route when more than one route to the same destination is present in the fcRouteTable.
A switch probe device attached to the SD port analyzes this traffic. The SPAN feature is nonintrusive and does not affect switching of network traffic for any of the source ports. FCC is a Cisco proprietary flow control mechanism that alleviates congestion on Fibre Channel networks.
This MIB enables managers to configure the FCC mechanism on the switch, provides statistics on the congestion control, gives notification of congestion state changes of the Fibre Channel port, and monitors the congestion state of the Fibre Channel port.
In terms of object syntax and semantics, the content of this Cisco MIB is the same as the corresponding Internet Draft revision. An FCS always maintains information pertaining to the local switch. However, it typically maintains only limited information on remote topology remote switch name and corresponding domain ID for each VSAN. To gather information about the whole topology, set up the desired VSANs in the fcsVsanDiscoveryList objects, and trigger the discovery process.
A brief explanation of bit position layout for the fcsVsanDiscoveryList objects follows:. The least significant bit in octet represents VSAN The results populate the other tables in this MIB. This MIB enables or disables optional features in the system. Disabling optional features makes the associated feature-specific MIB unavailable.
Optional features may require additional configuration beyond the high level control provided by this MIB. Refer to the associated feature-specific MIB for more configuration requirements.
Some optional features may also require a feature license. Refer to the appropriate Cisco MDS Family Configuration Guide at the following website for more information on the optional feature and licensing issues:. This MIB configures and monitors flash memory devices on a system. The MIB is organized hierarchically into the following categories:.
Generally, the Nxports are zoned with other devices which they need to communicate using this port WWN. However, if the device containing Nx port has to be replaced, zoning has to be reconfigured using the port WWN of the new device to eliminate the need for a zoning change, a special WWN is assigned to the corresponding Fport and the original port WWN is replaced with this special WWN for any device that is logging through the Fport.
In addition, the zoning is configured using the special WWN. This MIB was extracted from the draft-ietf-ipngwg-rfcupdate IKE dynamically negotiates security associations between peers and generates keys.
This MIB was extracted from portions of the the Internet Draft draft-ietf-ipsec-flow-monitoring-mib This MIB performs a high availability HA compatibility check of different software versions on the active and standby "supervisor engines", and it lists any incompatibilities. This MIB uses the following two tables to check the software and list any incompatibilities:. This MIB identifies the capabilities and characteristics of the running image.
This MIB can upgrade images on modules in the system, show the status of the upgrade operation, and show the type of images that could be run in the system. Examples of modules include a controller card or line card. The system fills up the ciuImageVariableTable with the type of images the system can support. For performing an upgrade operation, a management application must first read this table and use this information in other tables. The ciuImageURITable is also filled by the system and provides the image name presently running for each type of image in the system.
The user can configure a new image name for each image type as listed in ciuImageVariableTable. The system would use this image on the particular module on the next reboot.
The management application must first determine if an upgrade operation is already in progress in the system by reading the ciuUpgradeOpCommand. If it contains "none," no other upgrade operation is in progress.
Any other value signifies that an upgrade is in progress and a new upgrade operation is not allowed. Before starting an install, you must first verify version compatibility for the new set of image files in ciuImageLocInputTable. Set ciuUpgradOpCommand to "check" to compare these new image files to the current system configuration.
If ciuUpgradeOpStatus returns "success," then continue the installation process by setting ciuUpgradOpCommand to "install. The ciuUpgradeOpStatus object provides the status of the selected upgrade operation. The user can choose to upgrade only some modules by using ciuUpgradeTargetTable. If this table is empty, then an upgrade operation is performed on all the modules in the system.
This MIB configures IP address characteristics of the interfaces on a device, which includes configuring primary, secondary, and broadcast IP addresses. This MIB provides the ability to initiate, configure, and show discovery results for IP networks in a switch fabric.
The cippfIpProfileTable allows users to create, delete, and get information about filter profiles. Filter profiles are uniquely identified by the profile names.
Filter profiles can be either simple or extended usage types. The usage type cannot be changed once it has been created.
A filter profile can be applied to multiple interfaces. Filters and profiles are related if they have the same filter profile name. Filters can be created only if their associated filter profiles already exist in the cippfIpProfileTable.
Filters of the same profile name belong to a common profile. The interface-based cippfIfIpProfileTable can be configured with information independent of the other tables. However, if the profile name in this table matches any profile name in the cippfIpProfileTable and the profile name of any filter entry in the cippfIpFilterTable, the profile is active, and the filter entry is being applied to IP traffic passing through the attached device interfaces.
Therefore, any change to the filters in the cippfIpFilterTable or the profile itself in the cippfIpProfileTable affects all the attached interfaces. It deals with IPsec Phase-2 configuration only. Signaling protocols are also referred to in this document as control protocols because they perform session control.
This MIB contains major groups of objects that are used to manage the generic aspects of IPsec signaling.
These groups include the following information:. It is up to the gateway implementation how to represent the nodes in each of these networks. For example, a gateway implementation may choose to represent multiple Fibre Channel targets either as one iSCSI target many to one mapping or multiple iSCSI targets one to one mapping. These MIBs are related as follows:.
In this way, a management station can navigate between the two MIBs. The iSCSI connection is related to a TCP connection using its normal protocol, source address, source port, destination address, and destination port 5-tuple.
Multiple disjoint IP networks may terminate on a single Fibre Channel switch in a fabric. In such a scenario, the iSNS server must ensure that the targets returned on a query by iSCSI devices are filtered based on access control lists specified by the user during configuration , and also based on Gigabit Ethernet ports that are reachable by the IP network on which the iSCSI device is present. Each discovered set is referred to as an IP network.
The VSANs logically separate a single physical fabric into multiple logical fabrics. These logical fabrics can be grouped together to form an autonomous fabric. This MIB manages license files on the system. The licensing model has two options:. The license can specify a limit to the number of concurrent uses of the feature, a time limit on the feature, and the device where the feature can be used.
License files are provided to customers when licenses are purchased. Customers should copy the license file to a local computer to allow installation of the license to the switch.
The NPV traffic management feature allows end users to manage available bandwidth to core switches by reserving NP ports to carry traffic for specific servers. In previous releases, an F port could be assigned to any one of the available NP port connections, so available bandwidth to NPV core switches could not be managed explicitly.
The system fills up the ciuImageVariableTable with the type of images the system can support. For performing an upgrade operation, a management application must first read this table and use this information in other tables. The ciuImageURITable is also filled by the system and provides the image name presently running for each type of image in the system. The user can configure a new image name for each image type as listed in ciuImageVariableTable. The system would use this image on the particular module on the next reboot.
The management application must first determine if an upgrade operation is already in progress in the system by reading the ciuUpgradeOpCommand. If it contains "none," no other upgrade operation is in progress. Any other value signifies that an upgrade is in progress and a new upgrade operation is not allowed. Before starting an install, you must first verify version compatibility for the new set of image files in ciuImageLocInputTable.
Set ciuUpgradOpCommand to "check" to compare these new image files to the current system configuration. If ciuUpgradeOpStatus returns "success," then continue the installation process by setting ciuUpgradOpCommand to "install. The ciuUpgradeOpStatus object provides the status of the selected upgrade operation.
The user can choose to upgrade only some modules by using ciuUpgradeTargetTable. If this table is empty, then an upgrade operation is performed on all the modules in the system. This MIB provides the status of the monitoring parameter for a given sensor type in transceiver digital diagnostics on an interface.
The value of the monitoring parameter for a given sensor lies are bounded within maximum high and minimum low limits. If the current value is over the high limit, this status is set to highSet. Upon the value of the sensor coming back into the normal range between high and low values , this status is set to highClear.
Similarly, if the current value is below the low limit, this status is set to lowSet. Upon the value the sensor coming back into normal range subsequently, this. If the current value stays within the high and low limits, this status is set to normal. Also, subsequently after the status had been either highClear or lowClear, if the value is within the high and low limits, this status is set to normal.
This MIB configures IP address characteristics of the interfaces on a device, which includes configuring primary, secondary, and broadcast IP addresses.
This MIB provides the ability to initiate, configure, and show discovery results for IP networks in a switch fabric. The cippfIpProfileTable allows users to create, delete, and get information about filter profiles.
Filter profiles are uniquely identified by the profile names. Filter profiles can be either simple or extended usage types. The usage type cannot be changed once it has been created. A filter profile can be applied to multiple interfaces. Filters and profiles are related if they have the same filter profile name. Filters can be created only if their associated filter profiles already exist in the cippfIpProfileTable.
Filters of the same profile name belong to a common profile. The interface-based cippfIfIpProfileTable can be configured with information independent of the other tables. However, if the profile name in this table matches any profile name in the cippfIpProfileTable and the profile name of any filter entry in the cippfIpFilterTable, the profile is active, and the filter entry is being applied to IP traffic passing through the attached device interfaces.
Therefore, any change to the filters in the cippfIpFilterTable or the profile itself in the cippfIpProfileTable affects all the attached interfaces.
It deals with IPsec Phase-2 configuration only. Signaling protocols are also referred to in this document as control protocols because they perform session control. This MIB contains major groups of objects that are used to manage the generic aspects of IPsec signaling.
These groups include the following information:. It is up to the gateway implementation how to represent the nodes in each of these networks. For example, a gateway implementation may choose to represent multiple Fibre Channel targets either as one iSCSI target many to one mapping or multiple iSCSI targets one to one mapping.
These MIBs are related as follows:. In this way, a management station can navigate between the two MIBs. The iSCSI connection is related to a TCP connection using its normal protocol, source address, source port, destination address, and destination port 5-tuple. Multiple disjoint IP networks may terminate on a single Fibre Channel switch in a fabric. In such a scenario, the iSNS server must ensure that the targets returned on a query by iSCSI devices are filtered based on access control lists specified by the user during configuration , and also based on Gigabit Ethernet ports that are reachable by the IP network on which the iSCSI device is present.
Each discovered set is referred to as an IP network. The VSANs logically separate a single physical fabric into multiple logical fabrics. These logical fabrics can be grouped together to form an autonomous fabric. This MIB manages license files on the system. The licensing model has two options:. The license can specify a limit to the number of concurrent uses of the feature, a time limit on the feature, and the device where the feature can be used.
License files are provided to customers when licenses are purchased. Customers should copy the license file to a local computer to allow installation of the license to the switch. This MIB provides network management support that regulates the transmission of notifications generated by a system.
The system can generate several notifications that pertain to various events. Allowing every notification to transmit may lead to the network being flooded with an excess of network management traffic.
N port virtualization NPV architecture. Switches operating in the NPV mode do not join a fabric, rather they pass traffic. An entry in the cpkiTrustPointTable corresponds to a trusted CA that the switch uses to obtain an identity certificate and to verify the peer certificates issued by that CA.
The entry contains information about the CA certificate, which includes the following information:. A key-pair entry can be associated to multiple cpkiTrustPointTable entries, but a cpkiTrustPointTable entry is associated with only one key-pair entry. This MIB supports the certificate work-flow operations used for generating the key pairs and obtaining the certificates for them from various CAs. The following are the steps in one typical workflow:. Create a trustpoint an entry in cpkiTrustPointTable in the device.
Authenticate a CA. This step involves manually verifying the CA certificate or chain fingerprints and then inputting the CA certificate or chain into the trustpoint.
Associate the keypair to the trustpoint. Input the identity certificate into the trustpoint. In another typical certificate workflow, the keypair and the corresponding identity certificate are allowed to be generated or obtained outside of the device by whatever means and then input to the device in the pkcs 12 form.
Instead, the security services certificate usage configuration is supported in the respective feature MIBs. PortChannel refers to the aggregation of multiple physical Fibre Channel ports into one logical port to provide high-aggregated bandwidth, load balancing, and link redundancy.
This MIB provides configuration for port tracking. Port tracking allows the SAN fabric to recover quickly from indirect failures on a port.
An indirect failure occurs when a connection fails because of a problem on another link in the path from the port to its remote peer. A direct failure occurs when a link failure is detected on the local port. Direct failures implement recovery and redundant port failover more quickly than indirect failures, which are dependent on SAN application timeouts to detect a remote link failure.
To speed up recovery times for indirect failures, this MIB marks critical ports as tracked ports. Other dependent, or linked, ports can be associated with one or more tracked ports. When a tracked port fails, all linked ports are shut down, causing an immediate failover to redundant paths. This MIB provides a method of routing traffic over the selected preferred paths, not necessarily the shortest path, as chosen by routing protocols such as FSPF.
This type of control allows you to choose paths based on characteristics, such as frames received on a selected interface or frames with selected source FCID.
This feature allows you to ensure path separation between switches for different traffic between a host and a target. This information should be used as an estimate only. The PSM consists of two aspects: port binding and fabric binding. Port binding is concerned with the security of switch ports, and fabric binding is concerned with the security of the SAN fabric as a whole.
RF provides a mechanism for logical redundancy of software functionality and is designed to support "one -to-one" redundancy on processor cards. RF is not intended to solve all redundancy schemes. RF is not designed to support redundant hardware, such as power supplies.
Redundancy is concerned with the duplication of data elements and software functions to provide an alternative in case of failure. It is a key component to meeting In the scope of this MIB definition, peer software elements are redundant and redundant software elements are peers. A SPAN session is an association of one or more destination s with a set of source s , along with other parameters, to specify the network traffic to be monitored.
Each SPAN session is denoted by a unique number. Hosts can receive this information by registering with the fabric controller. SANTap is a Fibre Channel switch-based capability that provides a reliable copy of the data flowing between a set of one or more initiators and a set of one or more targets connected to the fabric.
The initiator should be connected to a port on the local switch. The target can be present anywhere in the fabric. The statistics gathered per flow and per LUN include SCSI reads, writes, transmit bytes, receive bytes, transmit frames, and receive frames. SSH provides secure communications between the network management application and the managed device. SME is an encryption service provided by an encryption node residing on a line card in a storage device.
This MIB module is for layer 2 tunneling related configurations on a device. Tunneling allows separate local networks to be considered as a single VLAN.
These separate networks are connected via an ISP, which will tunnel the packets from one network to an. Link Error Monitoring Feature provides a mechanism to monitor a certain set of link error counters on an interface and take certain actions when the increase in the error counters betwe.
MAC notification is a mechanism to inform monitoring devices when there are MAC addresses learnt or removed from the forwarding database of the monitored devices.
It defines the attributes of ITU H. This MIB module is used to monitor optical parameters of a network element. This MIB deals with the operating parameters of the optical layer. This MIB module defines objects to monitor optical characteristics and set corresponding thresholds on the optical interfaces in a network element. The MIB module for the management of packet capture feature. This MIB module is for providing the port monitoring information.
The MIB module is for configuration of policy and policy group. A policy group can be described as a set of entities identified by IP addresses or other means. Members of a policy group will be subjected to the same policy. In this MIB, user can apply a p. The MIB module to describe active system processes. Virtual Machine refers to those OS which can run the code or process of a different executional model OS.
Virtual P. This module defines the object identifiers that are assigned to various hardware platforms, and hence are returned as values for sysObjectID. This interface is a switch virtual interface which does not have any physical connecto. Port binding is concerned with the security of switch ports and Fabric binding with the security of the SAN fabric as a wh.
It also introduces a table that allows configuration of dynamic learning of the physical topol. This is the MIB module for objects used to manage interface queuing in Cisco devices. This MIB module provides information about the status and configuration of links used by service control entities. The link on a service control entity is a contained entity that joins subscriber side ports to network side ports.
The MIB module that provides a simple mechanism to support firmware upgrade on Cisco low end devices. The MIB module that provides a simple configuration of management interfaces on managed devices. For the purpose of this mib, a hub is a repeater group and stack is collection of one or more hubs interconnected via stack bus connectors.
The MIB module for downloading files to the Service Modules specifically designed for an architecture containing a controller card and a group of sub- ordinate cards or service modules as in a Switch. These files could contain information for performing. The Structure of Management Information for the Cisco enterprise.
This MIB provides configuration and runtime status for chassis, modules, ports, etc. The MIB module for managing Cisco extensions to the This module defines textual conventions used in Storage Area Network technology specific mibs. This MIB module defines textual conventions describing subscriber session identities.
A subscriber session identity consists of data associated with a subscriber session serving as credentials used to determine authority, status, rights, or entitlement to. This MIB module defines textual conventions describing subscriber sessions.
Autostate feature is a mechanism to calculate the state of a SVI dynamically when some condition occurs such as a failure of a participating interface in that SVI. VPN - Virtual private network. This MIB module defined managed objects that facilitates the management of switching fabric information in a Cisco switch.
Rate limits prevents redirected control packets for egress exceptions from overwhelming the supervisor module on a device. The MIB module provides management information for configuration and monitoring of traffic statistics on Ciscos switching devices. This MIB provides the configuration of System Information Logging feature, which allows a certain number of commands to be executed periodically via command line interface, and stores the result into a file on a configured server.
This mib module also provides the information on core files that are generated in the system. The systemGroup see RFC provides a standard set of basic system information. This module manages Ciscos intercept feature. This MIB defines a generic stream table that contains fields common to all intercept types. Specific intercept filters are defined in extension MIBs. This MIB module provides network management support for configuration and status information of devices supporting transparent bridging functions.
This module defines textual conventions used throughout cisco enterprise mibs. This is the MIB module for objects used to manage the cisco tcp offload feature.
This offloads the host from the protocol processing and. MIB module for displaying and configuring Telnet related features in a device. Telnet is a program to log into another computer over a network, to execute commands in a remote machine. This module defines the textual conventions used within Cisco Trusted Security framework. Three mappings are defined: parent managed object to child managed object, child managed object to parent managed object, and managed object distinguished name to OID.
Fault traps notifications issued by the UCS system. This MIB module defines a collection of common video-related textual conventions to be used in Cisco MIBS for video-capable products and network equipments. A set of managed objects for optimizing access to bridging related data from RFC Translation is typically used for se.
0コメント